
Changeset 3476218


Timestamp:
03/06/2026 09:32:33 AM (3 weeks ago)
Author:
wpmessiah
Message:

fix security issues

Location:
swiss-toolkit-for-wp
Files:
1287 added
4 edited

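--- a/swiss-toolkit-for-wp/trunk/README.txt
+++ b/swiss-toolkit-for-wp/trunk/README.txt
@@ -5,5 +5,5 @@
 Requires at least: 5.2
 Tested up to: 6.9
-Stable tag: 1.4.3
+Stable tag: 1.4.4
 Requires PHP: 7.4
 License: GPLv2 or later
@@ -130,4 +130,9 @@
  == Changelog ==
 
+= 1.4.4 - 06 March 2026 =
+- Security Fix: Patched arbitrary file upload vulnerability in Enhanced Multi-Format Image Support (CVE-2026-2354).
+- Security Fix: Replaced strpos() with strict pathinfo() extension validation in upload_extension_files().
+- Security Fix: Added dangerous file extension blocklist to prevent executable file uploads.
+
 = 1.4.3 - 02 March 2026 =
 - Updated: WordPress compatibility tested up to 6.9.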
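--- a/swiss-toolkit-for-wp/trunk/boomdevs-swiss-toolkit.php
+++ b/swiss-toolkit-for-wp/trunk/boomdevs-swiss-toolkit.php
@@ -17,5 +17,5 @@
  * Plugin URI:        https://wpmessiah.com
  * Description:       Say Goodbye to Plugin Overload - WP Swiss Toolkit Has It All
- * Version:           1.4.3
+ * Version:           1.4.4
  * Requires at least: 5.2
  * Requires PHP:      7.4
@@ -38,5 +38,5 @@
  * Rename this for your plugin and update it as you release new versions.
  */
-define('BDSTFW_SWISS_TOOLKIT_VERSION', '1.4.3');
+define('BDSTFW_SWISS_TOOLKIT_VERSION', '1.4.4');
 define('BDSTFW_SWISS_TOOLKIT_PATH', plugin_dir_path(__FILE__));
 define('BDSTFW_SWISS_TOOLKIT_URL', plugin_dir_url(__FILE__));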
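--- a/swiss-toolkit-for-wp/trunk/includes/class-boomdevs-swiss-toolkit.php
+++ b/swiss-toolkit-for-wp/trunk/includes/class-boomdevs-swiss-toolkit.php
@@ -68,5 +68,5 @@
                 $this->version = BDSTFW_SWISS_TOOLKIT_VERSION;
             } else {
-                $this->version = '1.4.3';
+                $this->version = '1.4.4';
             }
             $this->plugin_name = 'swiss-toolkit-for-wp';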
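--- a/swiss-toolkit-for-wp/trunk/includes/plugins/class-boomdevs-swiss-toolkit-extension-supports.php
+++ b/swiss-toolkit-for-wp/trunk/includes/plugins/class-boomdevs-swiss-toolkit-extension-supports.php
@@ -68,4 +68,6 @@
 
             $extensions_array = explode(', ', $supports);
+            $extensions_array = array_map('trim', $extensions_array);
+            $extensions_array = array_map('strtolower', $extensions_array);
 
             $mime_types = [
@@ -91,7 +93,26 @@
             ];
 
+            // Dangerous extensions that should NEVER be allowed
+            $dangerous_extensions = [
+                'php', 'phtml', 'php3', 'php4', 'php5', 'php7', 'phps',
+                'pht', 'phar', 'cgi', 'pl', 'py', 'sh', 'bash',
+                'exe', 'bat', 'cmd', 'com', 'htaccess', 'asp', 'aspx', 'jsp'
+            ];
+
+            // Extract the ACTUAL file extension (after the last dot)
+            $file_extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
+
+            // Immediately reject dangerous file types
+            if (in_array($file_extension, $dangerous_extensions, true)) {
+                return $types;
+            }
+
+            // Remove any dangerous extensions from admin-configured list
+            $extensions_array = array_diff($extensions_array, $dangerous_extensions);
+
             foreach ($extensions_array as $extension) {
-                if(array_key_exists($extension, $mime_types)) {
-                    if (false !== strpos($filename, '.'.$extension)) {
+                if (array_key_exists($extension, $mime_types)) {
+                    // FIXED: Strict match — only allow if actual extension matches exactly
+                    if ($file_extension === $extension) {
                         $types['ext'] = $extension;
                         $types['type'] = $mime_types[$extension];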
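Review bot: The strict match at new line 116 only inspects the last dot-separated segment, so a name whose earlier segment is on the blocklist still passes once its final extension is a permitted one (pathinfo() reports only the last segment), which matters on hosts whose web server selects a handler from any extension segment rather than the last; a defensive check after line 108 that rejects the file when any segment beyond the base name is blocked would close that gap, e.g. `if (array_intersect(array_slice(explode('.', strtolower($filename)), 1), $dangerous_extensions) !== []) { return $types; }`. The blocklist is inherently incomplete and should be treated as a second line of defense only — the allowlist lookup against the `$mime_types` keys at line 114 is what actually bounds the accepted extensions, so that remains the primary control. The returned `$types['type']` is still derived from the filename alone rather than from the file's content; if `$filename` refers to an uploaded file, a content-based check (for example via `finfo`) before trusting the MIME type would be worth adding, unless the caller already does this outside the hunk. The enclosing function starts before the hunk, so `$supports`, `$filename` and `$types` are assumed to be its parameters. The `// FIXED:` comment reads as a changelog entry rather than an explanation; `// Compare only the real (last) extension, so a permitted extension appearing elsewhere in the name cannot qualify the file` states the intent for the next reader.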